package com.ruoyi.system.websocket;

import com.ruoyi.common.security.utils.SecurityUtils;
import com.ruoyi.system.api.domain.SysUser;
import com.ruoyi.system.service.ISysUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service
public class AuthService {
    @Autowired
    public ISysUserService userService;
    // 示例：总是假设 token = "token:"+clientId 用于演示
    public boolean validateToken(String token, String clientId, String role, String appUser, String appPassword) {
        System.out.println("validateToken: " + token + " " + clientId + " " + role + " " + appUser + " " + appPassword);
        // 这里判断什么角色，如果是admin，则使用你们平台提供的验证逻辑，如果是client，则使用数据库查询用户信息进行验证。
        if ("admin".equals(role)) {
            // 查询当前用户
            SysUser receiveuser = userService.selectUser(appUser);
            if (receiveuser.getStatus().equals("1")){
                return false;
            }
            if (!appPassword.equals(receiveuser.getPassword())){
                return false;
            } else {
                return true;
            }
        } else if ("client".equals(role)){
            // 查询当前用户
            SysUser receiveuser = userService.selectUser(appUser);
            if (receiveuser.getStatus().equals("1")){
                return false;
            }
            // 获取数据库加密后的密码，与用户手输的密码进行对比
            if (!matches(receiveuser, appPassword)){
                return false;
            } else {
                return true;
            }
        } else {
            return false;
        }
    }
    public boolean matches(SysUser user, String rawPassword)
    {
        return SecurityUtils.matchesPassword(rawPassword, user.getPassword());
    }
}
